Privacy Policy

Last updated: April 11, 2026

This privacy policy explains how Choktse, operated by tibet.dev (“we”, “us”, “our”), processes personal data when you visit choktse.com, use our platform, or contact us. We process personal data in accordance with the General Data Protection Regulation (EU) 2016/679 (“GDPR”) and the Dutch Implementation Act (Uitvoeringswet AVG).

1. Data Controller

The controller responsible for processing your personal data is:

tibet.dev (trading as Choktse)

The Netherlands

Email: privacy@choktse.com

For questions about this policy or your rights, contact us at the address above, marking your message “Privacy”.

2. Categories of Personal Data

Depending on how you interact with us, we may process:

  • Account data: name, email address, password (hashed), company details you provide when registering for a Choktse account.
  • Website & technical data: IP address, browser type, device identifiers, pages viewed, referring URL, and approximate location derived from IP.
  • Usage data: how you use the platform, features accessed, configuration choices, and support requests.
  • Contact data: name, email, and any information you include when contacting us via our website or email.
  • Payment data: billing address, payment method details (processed by our payment provider — we do not store full card numbers).

3. Purposes and Legal Bases (GDPR Article 6)

  • Performance of a contract — to create and manage your account, provide the Choktse platform services, process payments, and deliver customer support.
  • Legitimate interests — to operate and secure our platform, detect fraud, improve our services, analyse aggregated usage, and handle non-marketing enquiries. We balance these interests against your rights.
  • Legal obligation — to comply with tax, accounting, and law-enforcement requirements applicable in the Netherlands or the EU.
  • Consent — for optional cookies and for direct marketing communications. You may withdraw consent at any time without affecting the lawfulness of processing before withdrawal.

4. Recipients and Processors

We may share personal data with:

  • Infrastructure and hosting providers (e.g. Vercel, Railway, Supabase) who process data on our behalf under data processing agreements.
  • Payment service providers to authorise and settle payments.
  • Email service providers for transactional and, where you consent, marketing emails.
  • Professional advisers and authorities when required by law.

We enter into data processing agreements with processors where the GDPR requires it.

5. Transfers Outside the EEA

Where we use providers established outside the European Economic Area, we ensure an adequate level of protection through the European Commission's adequacy decisions, Standard Contractual Clauses (SCCs), or other GDPR-approved mechanisms. You may request more information about such safeguards by contacting us.

6. Retention

We keep personal data only as long as necessary for the purposes described above, including statutory retention periods. Account data is retained for the duration of your subscription and a reasonable period after closure. Technical logs and analytics data are retained in accordance with our internal policies and applicable legal requirements.

7. Cookies and Similar Technologies

Our website uses essential cookies to operate the platform (e.g. authentication tokens). Non-essential cookies (e.g. analytics) are used only with your consent where required. You can control cookies through your browser settings.

8. Your Rights

Under the GDPR, you have the right to:

  • Access the personal data we hold about you;
  • Rectify inaccurate or incomplete data;
  • Erase data in certain circumstances (“right to be forgotten”);
  • Restrict processing in certain circumstances;
  • Data portability for data you provided, where processing is automated and based on consent or contract;
  • Object to processing based on legitimate interests;
  • Withdraw consent at any time where processing is consent-based;
  • Lodge a complaint with a supervisory authority — in the Netherlands, the Autoriteit Persoonsgegevens (AP).

To exercise your rights, email privacy@choktse.com. We may need to verify your identity before responding.

9. Security

We implement appropriate technical and organisational measures to protect personal data against accidental or unlawful destruction, loss, alteration, or unauthorised access. All data in transit is encrypted via TLS. Access to personal data is restricted to authorised personnel.

10. Data Processing on Behalf of Our Customers

When hospitality businesses use the Choktse platform to manage reservations, menus, or customer interactions, we act as a data processor on their behalf. The business is the data controller for their end-user data. Our processing is governed by our data processing agreement with each business customer.

11. Children

Our platform is intended for business use and is not directed at children under 16. We do not knowingly collect personal data from children. If you believe we have collected such data, please contact us so we can delete it.

12. Changes

We may update this privacy policy from time to time. The “Last updated” date at the top will change when we do. Material changes will be communicated via the platform or email. We encourage you to review this page periodically.

Related

See also our Terms & Conditions.